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Abstract: Once the US Space Shuttle retires in 2010, the Russian Soyuz Launcher and Soyuz 
Spacecraft will comprise the only means for crew transportation to and from the International Space 
Station (1SS). The U.S. Government and NASA have contracted for crew transportation services to 
the 1SS with Russia. The resulting implications for the US space program including issues such as 
astronaut safety must be carefully considered. Are the astronauts and cosmonauts safer on the Soyuz 
than the Space Shuttle system? Is the Soyuz launch system more robust than the Space Shuttle? Is it 
safer to continue to fly the 30 year old Shuttle fleet for crew transportation and cargo resupply than 
the Soyuz? Should we extend the life of the Shuttle Program? How does the development of the 
Orion/ Ares crew transportation system affect these decisions? 

The Soyuz launcher has been in operation for over 40 years. There have been only two loss of life 
incidents and two loss of mission incidents. Given that the most recent incident took place in 1983, 
how do we determine current reliability of the system? Do failures of unmanned Soyuz rockets 
impact the reliability of the currently operational man-rated launcher? Does the Soyuz exhibit 
characteristics that demonstrate reliability growth and how would that be reflected in future estimates 
of success? 

NASA’s next manned rocket and spacecraft development project is currently underway. Though the 
projects ultimate goal is to return to the Moon and then to Mars, the launch vehicle and spacecraft’s 
first mission will be for crew transportation to and from the 1SS. The reliability targets are currently 
several times higher than the Shuttle and possibly even the Soyuz. Can these targets be compared to 
the reliability of the Soyuz to determine whether they are realistic and achievable? 

To help answer these questions this paper will explore how to estimate the reliability of the Soyuz 
Launcher/Spacecraft system, compare it to the Space Shuttle, and its potential impacts for the future 
of manned spaceflight. Specifically it will look at estimating the Loss of Mission (LOM) probability 
using historical data, reliability growth, and Probabilistic Risk Assessment techniques. 
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1. INTRODUCTION 

It is necessary to have an understanding of the reliability of the Soyuz Launcher, the Soyuz Spacecraft 
vehicle, and the reliability of the end-to-end Soyuz system of ascent, on-orbit operations, and entry. 
Then it is necessary to compare the Soyuz system to empirical and reliability models of the Space 
Shuttle and Ares 1/Orion systems, which are part of NASA’s Constellation Program. Due to data 
availability and resource constraints the following reliability study is only intended as a starting point, 
not an exhaustive or comprehensive reliability study. There are a lot of questions left unanswered and 
significant research could and should be done. 

It is the hope of the authors that this initial study give the reader a feel for the orders of magnitude of 
reliabilities achieved today, and what is possible and realistic to expect given our current state of 
technology in 2010. 

NASA’s Constellation Program set reliability requirements for the Loss of Mission (LOM) and Loss 
of Crew (LOC) for the mission to the International Space Station (1SS). These reliability 
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requirements were put in place prior to the launcher and spacecraft design phases, and were intended 
as design drivers to develop improved reliability and safety over previous spacecraft systems. 
Probabilistic risk analyses (PRA) were performed during iterative systems engineering design cycles 
to estimate the failure probabilities for the 1SS mission and identify areas for improvement. As the 
program evolved, it became evident that while significant improvements for safety and reliability 
were being identified and implemented on the baseline design configuration, there was a disparity 
between the reliability targets assigned and what seemed to be theoretically achievable. It also seemed 
clear that there were no design or “game changing” technologies that could close the gap, given 
available design commodities and projected performance. The early requirements had been set using 
incomplete and preliminary PRA. There was not strong rationale for the values defined in terms of 
mission need or achievability. Accordingly, the Constellation sought guidance from the 1SS team to 
determine what reliability was actually needed in order to fulfill the 1SS lifeboat mission. 1SS program 
managers responded that the new systems should at least as reliable as the Soyuz. 

Comparison with Soyuz provided a benchmark to determine if the reliability goals were realistic and 
attainable. No other benchmarks for this type of mission exist. And in order to create a new 
benchmark, much more data would be required than was available in any space program. A 
methodology to produce a representative and believable baseline would need to be developed. 
However, due to the relatively limited experiential data available, such a methodology would require 
a combination of experience and a logical means of theoretical prediction. 

Some people believe the Soyuz spacecraft is more reliable human spacecraft because of its simplistic 
design when compared to the Space Shuttle as well as its successful launch history over the last 40 
plus years. The 1SS PRA team already had a PRA model established for the Soyuz spacecraft while 
in orbit. The Constellation Program asked the 1SS PRA team to calculate a Loss of Mission (LOM) 
probability for a Soyuz mission (from launch to reentry) and compare it to the reliability target of 1 in 
200 (5.0E-3) for a Constellation Mission failure. 

2. APPROACH 

There was insufficient design data to build a complete Soyuz PRA model from launch to reentry, as 
was developed for the Space Shuttle, in order to determine the probability of a failed Soyuz mission. 
However, the Soyuz mission can be broken up into 3 different quantifiable phases for the modeling of 
a mission failure. Through NASA’s international partnerships for the 1SS there is information on the 
Soyuz spacecraft while in orbit, and therefore a traditional PRA model already exists for Soyuz while 
in space. Other analysis methodologies using Russian empirical data would need to be used for the 
other two remaining mission phases; namely ascent of the Soyuz rocket and spacecraft and the reentry 
of the Soyuz descent module. 

When evaluating the other methodologies for ascent and reentry, questions arose regarding which 
empirical data should be used. Should only Manned spacecraft mission data be used or should 
unmanned spacecraft mission data be used also? How are these difference missions comparable? Or 
should the launch data be divided into the different rocket stages? If rocket stage data is used, should 
all the data on unmanned rocket stages that are used for manned missions be evaluated? 

When examining the data, the design changes and procedural changes impact the experiential data, 
such that changes have to be accounted for. How are these changes accounted for and do they affect 
the failure predictions? 

Sections 3 and 5 will discuss the options that we considered for calculating probabilities for Ascent 
and Reentry based on the historical data available, including some “estimation techniques.” We 
found three accepted “estimation techniques” for calculating probabilities with the failure data: 
Discounting of Failures, Incipient Failure Probability, and Jeffreys Non-informed Prior applied to a 
Beta Distribution. Section 4 will discuss the 1SS PRA model for the Soyuz spacecraft while in orbit. 
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3. ASCENT PHASE 


Figure 1: Soyuz TMA Launch Profile 



3.1. Historical Rocket Launch or Ascent Data 

First, we collected the history on all the Russian launches. Multiple references were cross-referenced 
to produce the experiential launch data [1] [2]. We divided the launch data into three groups: the R-7 
family, the Soyuz Rocket family, and manned Soyuz Rockets. Figure 2 captures these groups and has 
the Space Shuttle historical launch data added as a reference. There have been two successful launch 
aborts (Soyuz 18a in 1975 and Soyuz T-lOa in 1983) on the 101 manned Soyuz Rockets, these 
failures did not cause a Loss of Crew (LOC) but are considered an LOM. This data was current as of 
April, 2009. 


Figure 2: Historical Rocket Launch Data 


Historical Rocket Launch Data 
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3.2. Historical Manned Soyuz Rocket Stages on All Vehicles 

There have been significant design changes to the rockets since the last launch abort in 1983. 
Currently, the Soyuz spacecraft is launched on the Soyuz FG rocket. There have only been 14 
Manned Soyuz FG launches at the time of data collection. 14 data points is not sufficient to provide a 
mission probability without a high level of uncertainty. We decided to examine the data further and 
found that some of the stages used on the 14 Soyuz FG launches were also used on other manned 
Soyuz rockets. We only included data on stages back to the last launch abort in 1983, with the belief 
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that the failure in 1983 caused numerous design and procedural changes and Soyuz Rocket stage data 
before 1983 would not be indicative of the current design stages. We separated and evaluated the 
stages of the manned Soyuz rockets and determined that the rockets have these stages [1] [2]: 

Soyuz FG - Stage 0 (4 boosters): Blok-B, V, G, D / RD-1 17 

Stage 1: Blok-A/RD-118 
Stage 2: Blok-I / RD-124 
Stage 3 : Fregat 

Soyuz 1 1A51 1U - Stage 0 (4 boosters): Blok-B, V, G, D / RD-1 07-1 1D51 1 
Stage 1: Blok-A/ RD-108-1 1D512 
Stage 2: Blok-1 / RD-1 10 
Stage 3 : Fregat/lkar 

Soyuz 1 1A51 1U2 - Stage 0 (4 boosters): Blok-B, V, G, D / RD-107-1 1D51 IP 
Stage 1: Blok-A/ RD-108-1 1D512P 
Stage 2: Blok-I / RD-1 10 

The number of stages launched on manned Soyuz Rockets since 1983 are in Table 1. In Tables 1-5 
the “Total” row is not the total number of stages that have launched, but is the total number of 
launches that have included one or more of the above stages. 

Table 1: Manned Soyuz Rocket Stages (Since 1983) 



Researching the rocket stage data, we learned that many of the stages used for manned Soyuz rockets 
are also used for unmanned Soyuz rockets (e.g. Progress missions). We expanded the stage data listed 
in Table 1 to include identical stages that were launched on unmanned Soyuz rockets. Unmanned 
Soyuz rockets with identical stages include: Soyuz 2-la, Soyuz 2-lb, Molniya 8K78M-2BL, Molniya 
8K78M-ML, and Molniya 8K78M-SOL. This expanded data includes 634 launches since 1983. A 
total of 1 1 failures have occurred on these 634 flights. Some failure modes are known and are 
attributed to a specific rocket stage; however, some failures modes are unknown and therefore may or 
may not be attributed to one of the manned Soyuz rocket stages from Table 1. 5 failures can be 
identified and traced to a stage that is identical to a stage used on a manned Soyuz rocket. Of the 634 
flights, 6 failures cannot be attributed to a particular stage. These 6 failures may or may not have 
impacted manned Soyuz rockets causing this data to have a high uncertainty. 2 shroud failures 
occurred in 1996 on the Soyuz 11A511U Stage 3 (Fregat stage). Normally data for the Fregat stage 
would not contribute to Soyuz Spacecraft launch data but these two failures were attributed to the 
shroud covering and we assumed that the shroud covering can be directly related to the shroud 
covering of the Soyuz Spacecraft. In 1987 a Soyuz 11A511U Stage 0 Booster exploded on the pad 
(Spacecraft Resurs, Earth observation satellite). In 2002 a Soyuz 1 1 A5 1 1U Stage 0 Booster exploded 
29 seconds after launch (Spacecraft Foton-Ml). In 2005 a Molniya 8K78M-ML Stage 2 failed; this 
rocket stage, Blok-I, is the same stage that is used on the Soyuz 1 1A51 1U launcher. The subsequent 
Soyuz Spacecraft launch was delayed while root-cause analysis was performed. Using only the 5 
failures instead of the 1 1 failures does not drastically improve the reliability of the manned Soyuz 
rocket, see Table 2. 
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Table 2: Manned and Unmanned Soyuz Rocket Stages (Since 1983) 



Table 2 can be narrowed to only include data specific to the current manned Soyuz rocket stages, 
which is the Soyuz FG. 


Table 3: Soyuz FG Rocket Stages (Since 2002) 



The data in Table 1 can additionally be expanded to include the stages of all the manned Soyuz 
spacecraft launches since 1967, see Table 4. 

Table 4: Manned Soyuz Rocket Stages (Since 1967) 



The data in Table 4 can also be expanded to include the stages of all the manned and unmanned Soyuz 
spacecraft launches (which include test flights and unmanned Soyuz spacecraft). 
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Table 5: Un/Manned Soyuz Rocket Stages (Since 1966) 



By separating and grouping the historical stage data we learned that stage probability based on 
historical data is always in the same magnitude when there is significant historical data. However, 
using historical stage data seemed to raise more questions than it answered, like: How similar are the 
stage upgrades? e.g. RD-107-1 1D51 1 and RD-107-1 1D51 IP. How do you account for the unknown 
design and procedural changes within the same stage? e.g. RD-107-1 1D51 1 stage was first launched 
in 1974 and is still being launched as of 2009, surely there has been some design changes. 

3.3. Failure Discounting Methodology on Historical Manned Soyuz Rockets 

The first “estimation technique” evaluated is the Failure Discounting Methodology. Once a failure 
has been analyzed and corrective actions for that specific failure mode have been implemented, the 
probability of the failure’s recurrence is diminished. Failure Discounting is a method of applying a 
reduction factor to a specific failure. It is arbitrary as to how much of a reduction factor is applied to 
a specific failure and it is dependent on how much is know about the failure and the corrective 
action(s). Corrective actions can also introduce new failure modes that were not a part of the original 
design. 

3.3.1 Discounting Failures 

Typically a failure is discounted by 50%, and if there is justification, failures can be discounted by 
66% or more. A sensitivity assessment of different failure discounting factors is applied to the 2 
launch failures (Soyuz 18a and Soyuz T-lOa) in Table 6. It is difficult to determine Russia’s failure 
mode analysis and corrective actions for past failures (even today it is difficult because of the 
sensitivity of the information), so public knowledge sources must be used which is often incomplete 
and contradictory. High Failure Discounting factors are neither defendable nor are they conservative; 
therefore, a low Failure Discounting factor must be utilized. 


Table 6: Failure Discounting Sensitivity on Soyuz Rockets 


Discount 

Failures 

# Launches 

Failure Probability 

1 in 

0.00 

2.00 

101 

1.98E-02 

51 

0.50 

1.00 

101 

9.90E-03 

101 

0.67 

0.67 

101 

6.59E-03 

152 

0.80 

0.40 

101 

3.96E-03 

253 

0.90 

0.20 

101 

1.98E-03 

505 

0.99 

0.02 

101 

1.98E-04 

5050 


3.3.2 Incipient Failure Probability Methodology 

The second “estimation technique” evaluated is the Incipient Failure Probability Methodology. The 
calculation of Incipient Failure Probability assumes that the next Soyuz flight is a failure. For this 
method we considered only the “modem” Soyuz launchers since the beginning of the Mir Program 
(Soyuz FG, Soyuz 11A511U, and Soyuz 11A511U2). This data accounted for 47 launches with no 
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failures on ascent. The incipient failure probability for these 47 launches provides a failure 
probability of 2.08E-02 or 1 in 48. 

3.3.3 Jeffreys Non-informed Prior applied to a Beta Distribution 

The last “estimation technique” evaluated is the Jeffreys Non-informed Prior applied to a Beta 
Distribution. When the Jeffreys Non-informed Prior is applied to a Beta Distribution the Mean 
Failure Probability becomes: 

Mean - -^- (1) 

The same “modem” launch data of 47 launches that is used for Incipient Failure Probability 
Methodology is used as the demand (n) for the Jeffreys Non-informed Prior applied to a Beta 
Distribution. The Beta distribution calculates a launch failure probability of 1.04E-02 or 1 in 96. 

3.4. Reliability Growth 

Initial designs and prototypes are never perfect. Reliability can be improved via an extensive testing 
program to identify flaws and make corrections. Reliability also grows from operating a system and 
learning from the performance, the anomalous behavior, and failures. The process of finding and 
tracking reliability issues and subsequent improvements throughout the design process and 
operational life is known as reliability growth. 

Figure 3 plots the reliability of the Soyuz vehicle using historical data and demonstrates that the 
vehicle has experienced reliability growth over the period analyzed. At each failure point there is a 
sharp drop on the curve that becomes lesser in magnitude as more data - and successes - became 
available. After a sufficient number of launches, the curve would be expected to approach the actual 
vehicle success rate. This supports observations for other rocket launchers that indicate reliability 
tends to increase over time and failures become more isolated as opposed to generic in nature for the 
early stages of flight where changes in the design are enacted [3]. 

Figure 3: Launch Reliability of a Soyuz Rocket Using Historical/Empirical Information 



Reliability growth can also be predicted utilizing a variety of methods such the power law model and 
the exponential model in combination with an established maturity growth model. Such a prediction 
can be made more representative of actual reliability growth by employing maturity growth, precursor 
analysis, and if practical via analysis of failed equipment. Additional factors such as complexity, 
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heritage, level of testing, and analysis of specific environments can also provide increased fidelity to 
the reliability growth estimate. 

While it is recognized that by using historical data, the reliability can sometimes provide an 
optimistic estimate, this study did not employ predictive methods for modelling reliability growth. 
The growth demonstrated by the historical data does, however, support this study’s assertion that 
discounting of early failures, if applied wisely, provides a more realistic estimate of reliability. 

3.7. Samara Operational Reliability 

The Soyuz manufacturer, Samara, advertises on their public website “Operational Reliability” 
numbers for the Soyuz -FG and Soyuz -U of 0.952 and 0.983 [4], Samara also advertises each launch 
vehicle’s number of launches and failures with a “confirmed serviceability index”. See Table 7 for 
the Samara Launch Statistics. Samara’s definition of “Operational Reliability” or “confirmed 
serviceability index” is unclear, but it is interesting to note that their website uses these figures as a 
marketing tool for their product. If the “Operational Reliability” is directly related to a launch success 
rate, then it can be converted into launch failure rates of 4.8E-2 (1 in 21) and 1.7E-2 (1 in 59). 
Figure 4 is a timeline of the historic Soyuz Rocket with a short description of changes and Samara’s 
assumed launch failure rates. 

Figure 4: Samara’s Soyuz Reliability Timeline 



New Telemetry System 


1966- 1974 1974- 1984 1984-1995 \ 1996-2002 2002-2009 

Soyuz Series Soyuz-U Soyuz-U2 J Soyuz-U Soyuz-FG 

67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 00 01 02 03 04 05 06 07 08 09 

* Operational Reliability 
(From Samara Space Center) 
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Table 7: Samara’s Launch Statistics 


Launch 

vehicle 

Total 

launches 

Failure 

launches 

Baikonur 

Plesetsk 

The confirmed 
serviceability 
index 

Total 

launches 

Failure 

launches 

Total 

launches 

Failure 

launches 

"Soyuz-2" 

4 

- 

2 

- 

2 

- 

0.981 

"Soyuz-U” 

752 

20 

316 

9 

436 

11 

0.984 

"Soyuz -FG” 

26 

- 

26 

- 

- 

- 

0.984 

"Soyuz-U2” 

70 

- 

70 

- 

- 

- 

0.984 

"Molniya-M” 

279 

2 

53 

1 

226 

1 

0.980 

"Vostok-2M" 

94 

2 

14 

- 

80 

2 

0.960 

"Soyuz-M" 

8 

- 

- 

- 

8 


0.950 

"Soyuz-L” 

3 

- 

3 

- 

- 


0.900 

"Soyuz” 

32 

2 

32 

2 

- 


0.960 

11A59 

2 

- 

2 

- 

- 


0.875 

"Voskhod” 

299 

14 

138 

3 

161 

11 

0.950 

"Vostok-2A'' 

2 

- 

2 

- 

- 


0.875 

"Vostok-2” 

45 

5 

39 

5 

6 


0.980 

"Molniya” 

40 

11 

40 

11 

- 


0.830 

"Vostok" 

26 

8 

26 

8 

- 


0.810 

"R-7A" 

28 

2 

25 

2 

3 


0.940 

Satellite 

2 

1 

2 

1 

- 


0.830 

Satellite 

2 

- 

2 

- 

- 


0.780 

"R-7” 

26 

9 

26 

9 

- 


0.780 

Total 

launches 

1741 


4. ORBIT PHASE 
4.1. ISSPRA 

The ISS has a complete PRA model to analyze Evacuation, LOC, and Loss of Crew and Vehicle 
(LOCV) scenarios. One of the dynamic scenarios that affect the ISS is the approach, docking, 
undocking, and departure of visiting vehicles. For a complete ISS model the Soyuz spacecraft is 
included and modeled based on information provided by the Russian Space Agency. The Soyuz 
spacecraft PRA model was used to determine the probability of an LOM while in orbit. This 
probability is comparable to the Space Shuttle’s and other international space vehicles. 

5. REENTRY PHASE 


Figure 5: Soyuz TMA Reentry Profile 
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5.1. Historical Soyuz Reentry Data 


As of this report, only 98 Soyuz spacecrafts have attempted reentry. Unlike the Ascent phase there is 
not any other Russian data that can be compared to the reentry of the Soyuz spacecraft. Unmanned 
Russian spacecraft are design to incinerate on reentry. Of the 98 reentry attempts 2 have failed 
(Soyuz 1 in 1967 and Soyuz 1 1 in 1971). There have also been three recent ballistic reentries (one in 
2003 and two in 2007). 

5.2. Failure Discounting Methodology on Historical Soyuz Reentries 

Failure Discounting Methodology as an “estimation technique” may also be applied to the Soyuz 
reentry data. A higher discount factor should be applied to the reentry data then the launch data. The 
reentry failures occurred during the early space flight history (Soyuz 1 in 1967 and Soyuz 11 in 1971) 
and there has not been a catastrophic failure since 1971. After both failures there was a long delay 
until the next flight because of significant design changes. Also, the first flight had many political 
pressures to launch before the Soyuz spacecraft was properly prepared causing so many failures that 
cosmonaut Colonel Vladimir Komarov onboard almost perished on-orbit before even attempting 
reentry. Presently, the Soyuz reentries have proven to be more robust than past failures would 
indicate, as demonstrated by the recent ballistic reentries. 

Figure 6: Soyuz Decent Module Separation Failure/Ballistic Entry 



Table 8: Failure Discounting Sensitivity on Soyuz Reentry 


Discount 

Failures 

# Entries 

Failure Probability 

1 in 

0.00 

2.00 

98 

2.04E-02 

49 

0.50 

1.00 

98 

1.02E-02 

98 

0.67 

0.67 

98 

6.80E-03 

147 

0.80 

0.40 

98 

4.08E-03 

245 

0.90 

0.20 

98 

2.04E-03 

490 

0.99 

0.02 

98 

2.04E-04 

4900 


5.2. 1 Incipient Failure Probability Methodology 

The second “estimation technique” evaluated in the Reentry Phase is the Incipient Failure Probability 
Methodology. The calculation of incipient failure probability assumes that the next Soyuz reentry is a 
failure. For this method we continued to use only the “modem” Soyuz mission data to stay consistent 
with the Ascent phase. This data accounts for 46 reentries with no catastrophic failures. Applying the 
incipient failure methodology to these 46 reentries provides a failure probability of 2.13E-02. 
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5.2.2. Jeffreys Non-informed Prior applied to a Beta Distribution 

The last “estimation technique” evaluated in the Reentry Phase is the Jeffreys Non-informed Prior 
applied to a Beta Distribution. The same “modem” launch data of 46 reentires that is used for 
Incipient Failure Probability Methodology is used as the demand (n) for the Jeffreys Non-informed 
Prior applied to a Beta Distribution. The Beta distribution calculates a reentry failure probability of 
1.06E-02. 


6. CONCLUSION 

The probability of a Soyuz LOM cannot currently be calculated with great certainty because of the 
unknown data completeness of Soyuz failures and the lack of available technical design information 
pertaining to the ascent and reentry of the Soyuz vehicle. 

However, the data that has been collected develops a LOM probability for a Soyuz mission between 
the ranges of 4.80E-2 (1 in 21) and 1.02E-2 (1 in 98). We feel that the Failure Discounting 
methodology applied to the Ascent and Reentry phases combined with the PRA model in orbit 
provide the most defendable probability. A discounting factor of 50% for the Ascent phase and a 
discounting factor of 67% for the Reentry phase are defendable. The difference between the two 
factors is because of the early time frame on the reentry failures and the long delays after those 
failures while corrective actions were put in place. 


While it would be nice to design the next NASA spacecraft to have a mission failure probability in the 
1.0E-3 magnitude range it does not seem feasible with current technology to be able to increase the 
reliability of spaceflight by an order of magnitude without a new break-through in technology. 

For comparison, Figure 6 is the empirical data of LOC for Soyuz and Space Shuttle compared with 
the Space Shuttle predictive PRA and an early Constellation requirement. 


Figure 6: Loss of Crew 
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So one of the key questions that remain is whether the Constellation Program’s design or the 
Commercial cargo or crew vehicle could meet such an ambitious requirement. The answer lies in a 
few key areas. For example, how reliable will the Launch Abort Systems work that essentially 
transforms what would be a EOC scenario and turn it into a EOM scenario. Also whether you can 
take credit for the reliability growth of say a 4 segment solid rocket motor when using a 5 segment 
motor. Certainly the ARES I design is not a totally new launcher, nor is it a typical heritage design 
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you see in aeronautics. There has never been a liquid upper stage mounted on top of a solid first 
stage. However, NASA has a great deal of experience with solid rocket motors, and believes that this 
implementation is inherently safer that a traditional liquid core stage with strap-ons.. 

As for a continuance of the Space Shuttle Program, it does not appear to provide a significant enough 
improvement in risk to warrant the additional expense in addition to the myriad of other hurdles that 
must be overcome. Restarting discounted parts manufacture as well as support systems and structure 
are only a few examples that make extension of the Shuttle Program infeasible. 

There are certainly no “game changing” technologies available to transport humans and cargo off and 
back onto the planet, to utilize an overused phrase. The most significant reliability improvement in 
the example of the Constellation Program design would be the use of a solid rocket first stage. 

As the future of Constellation is unclear, these questions will continue as we debate the role of 
government and the private sector and how much risk we will accept in putting government or NASA 
astronauts on launch systems and vehicles that we have little or at least reduced insight into. Will the 
government or NASA put LOC and LOM requirements on the suppliers of commercial launch 
services? How would they be verified and who would be responsible for verifying them if they did? 
The current Nuclear Regulatory Commission model for nuclear power plant operators might be one 
model to study. The manufacturer of human spaceflight systems whether given the label of 
“Commercial” or “Contractor” will attempt to build the most reliable systems given the budget, 
schedule, and available technology and we all hope they will be many times more reliable than what 
is currently available. 
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